Skip to content

SBK Operations Startup Priorities

Strategic prioritization for getting SBK Consulting operational and revenue-generating

Created: 2026-01-26 Status: Discovery Phase Next Review: Weekly until operational

Executive Summary

This document identifies the critical path to first revenue and provides a phased approach to building out SBK's operations infrastructure. The operations repository has excellent structure (15 directories with frameworks) but requires content creation to become operational.

Key Insight: Focus on what blocks revenue first. A perfect marketing system with no contracts is useless. A beautiful website with no delivery SOPs creates client risk.

Current State Assessment

What Exists

  • 15-directory operational structure
  • Skills integration framework (SBP, LI, CO, CLE, DAM, SGS)
  • SDK code patterns and automation hooks
  • Service pillar definitions (Protect, Plan, Operate, Innovate)
  • 8 target personas identified
  • 6 compliance frameworks mapped
  • Lead scoring model defined
  • Brand voice specifications

What's Missing

  • Actual legal templates (MSA, SOW, NDA)
  • Delivery SOPs for services
  • Pricing structure documentation
  • Proposal templates
  • Sales playbooks with real objection handling
  • Content assets (one-pagers, case studies)
  • Target account lists
  • CRM/pipeline tracking

Phase 0: Critical Path (Blocks First Revenue)

These items must exist before you can sign a client. No shortcuts.

Why Critical: You cannot legally engage a client without a signed contract. You cannot protect your IP, limit liability, or ensure payment without proper agreements.

Documents to Create

Document Priority Complexity Notes
MSA (Standard) P0 High Needs legal review
Mutual NDA P0 Low Standard template exists
SOW - vCISO P0 Medium Your likely first sale
SOW - Assessment P0 Medium HIPAA or SOC 2 focus
BAA (HIPAA) P1 Medium Required for healthcare
Invoice Template P0 Low Accounting integration

Entity Structure 1. What is SBK's legal entity? (LLC, S-Corp, C-Corp) 2. What state is it registered in? 3. Who has signing authority for contracts? 4. Do you have an EIN and business bank account?

Legal Counsel 5. Do you have a business attorney for contract review? 6. What's your budget for initial legal review? ($2-5K typical) 7. Any existing MSA or SOW templates from prior work?

Liability & Insurance 8. Do you have E&O (Professional Liability) insurance? Amount? 9. Do you have Cyber Liability insurance? Amount? 10. Do you have General Liability insurance? 11. What liability cap are you comfortable with? ($1M typical for SMB) 12. Any specific indemnification concerns from past experience?

Payment Terms (Currently flexible/per-client) 13. What payment terms have you used that worked well? 14. What payment terms have caused issues? (late payment, collections) 15. Any minimum deposit % you want to establish for projects? 16. Will you accept credit cards? (3% fee consideration) 17. For retainer clients, what invoicing frequency works best? 18. Any late payment penalties you want to enforce consistently?

Note: Payment terms are currently negotiated per client. Consider documenting a "menu" of acceptable options rather than a single standard.

IP & Confidentiality 18. Who owns deliverables — client or SBK retains rights? 19. Can you use client logos/names in marketing? (Case study permission) 20. Any work product you want to retain as templates?

Minimum Viable Contract Stack

09-contracts-legal/
├── msa-templates/
│   └── msa-standard.md          ← Create first
├── sow-templates/
│   ├── sow-vciso.md             ← Create first
│   └── sow-assessment.md        ← Create second
├── nda-templates/
│   └── nda-mutual.md            ← Create first
├── compliance/
│   └── baa-template.md          ← If healthcare focus
└── insurance/
    └── certificate-of-insurance.md

2. Service Delivery SOPs (07-service-delivery)

Why Critical: You need to know exactly how you'll deliver before you promise anything. SOPs ensure consistent quality, enable delegation, and protect against scope creep.

Discovery Questions: Service Delivery

Service Focus 1. What's your primary service offering at launch? - [ ] vCISO (recurring revenue, relationship-based) - [ ] Compliance Assessment (project-based, clear scope) - [ ] Risk Assessment (project-based) - [ ] Penetration Testing (specialized, tool-dependent) - [ ] IT Strategy (consulting, less technical)

  1. What's your secondary service offering?

  2. Which compliance framework will you lead with?

  3. HIPAA (healthcare — large market, clear requirements)
  4. SOC 2 (SaaS/tech — growing demand)
  5. NIST CSF (general — flexible framework)
  6. CMMC (defense — specialized, high barrier)
  7. PCI DSS (retail/payments — specific vertical)

Methodology & Tools 4. Do you have existing methodology documentation from prior work? 5. What GRC/compliance platform will you use? - [ ] Drata - [ ] Vanta - [ ] Secureframe - [ ] Manual (spreadsheets) - [ ] Other: ______

  1. What scanning/assessment tools do you have access to?
  2. Nessus / Qualys / Rapid7
  3. Burp Suite / OWASP ZAP
  4. CrowdStrike / SentinelOne

  5. Cloud security tools (AWS Security Hub, Azure Defender)

  6. What collaboration tools for client work?

  7. Microsoft 365 / SharePoint
  8. Google Workspace
  9. Notion / Confluence
  10. Other: ______

Pricing Structure 8. What's your hourly rate? (Market: $150-300/hr for vCISO) 9. What's your day rate for assessments? (Market: $2,500-5,000/day) 10. vCISO monthly retainer structure? - [ ] Hours-based (e.g., 20 hrs/month @ $X) - [ ] Fixed monthly fee (e.g., $5,000/month) - [ ] Tiered packages (Bronze/Silver/Gold)

  1. Assessment pricing model?

    • Fixed fee by scope
    • Day rate × estimated days
    • T&M with cap

  2. What's included vs. extra?

    • Remediation support: Included / Extra / Separate SOW
    • Follow-up questions: Included / Time-boxed / Extra
    • Deliverable revisions: X rounds included

Capacity & Resources 13. How many concurrent clients can you handle? 14. What's your target utilization rate? (75-85% typical) 15. Will you use contractors/subcontractors? 16. If yes, do you have contractor agreements ready?

Quality & Risk 17. What's your deliverable review process? 18. Do you have a peer reviewer or QA process? 19. What's your escalation path if something goes wrong? 20. Any specific client situations that have caused problems before?

Minimum Viable SOP Stack

07-service-delivery/
├── sops/
│   ├── engagement-kickoff-sop.md      ← Create first
│   ├── deliverable-review-sop.md      ← Create first
│   ├── engagement-closeout-sop.md     ← Create first
│   └── time-tracking-sop.md
├── protect/
│   ├── vciso-engagement-sop.md        ← If vCISO focus
│   └── hipaa-gap-sop.md               ← If healthcare focus
│   └── soc2-gap-sop.md                ← If tech/SaaS focus
└── quality-assurance/
    └── qa-checklist.md

vCISO Engagement SOP Outline

If vCISO is your first service, this SOP needs:

## vCISO Engagement SOP

### 1. Engagement Setup (Day 1-5)
- [ ] Contract signed, kickoff scheduled
- [ ] Client access provisioned (email, systems, tools)
- [ ] Stakeholder list obtained
- [ ] Current security documentation requested
- [ ] Initial security posture questionnaire sent

### 2. Assessment Phase (Month 1)
- [ ] Security program maturity assessment
- [ ] Policy and procedure inventory
- [ ] Technical security review (high-level)
- [ ] Compliance gap identification
- [ ] Risk register initialization
- [ ] 90-day priority roadmap created

### 3. Ongoing Operations (Monthly)
- [ ] Security metrics dashboard update
- [ ] Policy review/updates as needed
- [ ] Vendor security assessments
- [ ] Security awareness coordination
- [ ] Incident response support
- [ ] Compliance monitoring
- [ ] Monthly executive report

### 4. Deliverables
- Monthly security report (template: deliverables/vciso-monthly-report.md)
- Quarterly risk assessment update
- Annual security roadmap refresh
- Ad-hoc: incident reports, vendor assessments, policy documents

### 5. Communication Cadence
- Weekly: 30-min check-in with IT lead
- Monthly: 1-hour executive briefing
- Quarterly: Board/leadership presentation (if required)
- Ad-hoc: Incident response, urgent items

3. Foundation: Pricing & Positioning (00-foundation + 01-gtm-strategy)

Why Critical: You can't sell if you can't articulate value and quote a price confidently.

Discovery Questions: Positioning & Pricing

Differentiation 1. Why vendor-neutral? What's the story? 2. What's the most compelling vendor conflict story you've seen? 3. What do clients typically pay for conflicted advice? (waste quantification) 4. Enterprise-grade expertise — what specifically? (clearances, agencies, projects) 5. "Since 2010" — what's the origin story?

Competitive Position 6. Who are you losing deals to? 7. Who are you winning deals against? 8. What do competitors charge? (for pricing calibration) 9. What do clients say when they choose you? 10. What do clients say when they don't choose you?

Value Quantification 11. What's the typical cost of a compliance failure for your target clients? 12. What's the typical IT waste you find in assessments? (30-40% claim) 13. What's the average audit remediation cost if they fail first time? 14. Can you quantify "pass audits first try" — time saved, cost avoided?

Target Market Clarity 15. Which industry vertical is your strongest? 16. What company size is your sweet spot? (50-500 employees stated) 17. What's the minimum engagement size worth your time? 18. What's the maximum engagement size you can handle? 19. Geographic focus — local, regional, national, remote?

First Client Profile 20. Describe your ideal first client in detail 21. Do you have any warm leads or existing relationships? 22. What's the fastest path to first signed contract? 23. Any imminent compliance deadlines in your network?

Minimum Viable Positioning Documents

00-foundation/
├── brand/
│   ├── positioning-statement.md      ← Create first
│   ├── elevator-pitch.md             ← Create first
│   └── origin-story.md
├── personas/
│   └── [primary-persona].md          ← Create first (pick one)
└── value-cases/
    └── [primary-value-case].md       ← Create first (pick one)

01-gtm-strategy/
├── pricing/
│   ├── rate-card.md                  ← Create first
│   └── pricing-guide.md
└── market-positioning/
    └── differentiation-talking-points.md

Phase 1: Sales Foundation (Weeks 2-4)

Once you can legally engage and know how to deliver, you need to sell.

4. Sales Pipeline Setup (05-sales-pipeline)

Discovery Questions: Sales Process

Current State 1. How are you tracking opportunities today? 2. Do you have a CRM? Which one? 3. What's your current pipeline value? 4. How many active conversations do you have?

Sales Process 5. What's your typical sales cycle length? 6. How many meetings to close? 7. Who's involved in client buying decisions? 8. What triggers a buying decision for your clients?

Qualification 9. What makes a lead qualified vs. unqualified? 10. What's your minimum deal size? 11. What are immediate disqualifiers? 12. How do you handle "not right now" responses?

Proposals 13. Do you have existing proposal templates? 14. What's your proposal turnaround time target? 15. Do you present proposals live or send them? 16. What's your follow-up cadence after proposal?

Minimum Viable Sales Stack

05-sales-pipeline/
├── qualification/
│   └── qualification-criteria.md     ← Simple BANT
├── discovery/
│   └── discovery-questions.md        ← By persona
├── proposal/
│   └── proposal-template.md          ← One template
└── templates/
    ├── follow-up-email-1.md
    ├── follow-up-email-2.md
    └── proposal-cover-email.md

5. Templates (14-templates)

Minimum Viable Template Stack

Template Purpose Priority
Proposal template Sales P1
Assessment report template Delivery P1
vCISO monthly report Delivery P1
Meeting notes template Operations P2
Project status template Delivery P2 
14-templates/
├── proposals/
│   └── proposal-standard.md
├── deliverables/
│   ├── assessment-report-template.md
│   └── vciso-monthly-report-template.md
└── internal/
    └── meeting-notes-template.md

6. One Complete Persona (00-foundation/personas)

Discovery Questions: Primary Persona

If you're targeting Solo IT Director (SMB):

  1. What size company? (employees, revenue)
  2. What industries specifically?
  3. What's their typical IT budget?
  4. What keeps them up at night?
  5. What's their relationship with leadership?
  6. What triggers them to seek outside help?
  7. What solutions have they tried that failed?
  8. What do they read/follow for industry news?
  9. Where do they hang out professionally? (LinkedIn groups, associations)
  10. What's the compelling event that creates urgency?

If you're targeting Managing Partner (Law Firms):

  1. What size firm? (attorneys, staff)
  2. What practice areas?
  3. What's their biggest compliance concern?
  4. Who actually makes IT decisions?
  5. What's their relationship with current IT support?
  6. What triggers a security conversation?
  7. What would make them switch providers?
  8. What bar associations or groups are they in?
  9. What's their tolerance for technology change?
  10. How do they measure IT success?

Phase 2: Growth Enablers (Weeks 5-12)

7. Prospecting (04-prospecting)

Discovery Questions: Prospecting

  1. Do you have a target account list today?
  2. What data sources do you have access to? (LinkedIn Sales Nav, ZoomInfo, etc.)
  3. What's your LinkedIn network size?
  4. Any warm introductions available?
  5. What associations or groups are you part of?
  6. Any speaking or content you've done before?
  7. What's your outreach comfort level? (cold call, email, LinkedIn)

Minimum Viable Prospecting Stack

04-prospecting/
├── target-lists/
│   └── target-accounts-v1.csv       ← 50-100 accounts
├── outreach-sequences/
│   ├── linkedin-connection-sequence.md
│   └── email-cold-sequence.md
└── lead-scoring/
    └── scoring-criteria-simple.md

8. Playbooks (11-playbooks)

Minimum Viable Playbook Stack

11-playbooks/
├── sales/
│   ├── discovery-call-playbook.md
│   ├── objection-handling.md
│   └── competitive-positioning.md
└── delivery/
    └── engagement-playbook.md

Common Objections to Document

Objection Response Strategy
"You're too expensive" ROI focus, cost of breach, waste discovery
"We already have IT/MSP" Vendor-neutral differentiation, augmentation
"We're too small" Compliance requirements don't care about size
"Not a priority right now" Compliance deadline, risk exposure quantification
"Need to think about it" Identify specific concerns, create urgency
"Can you do it cheaper?" Value anchoring, scope adjustment options
"We'll handle it internally" Expertise gaps, opportunity cost

9. Content Library (02-content-library)

Discovery Questions: Content

  1. Have you written any blog posts or articles?
  2. Any presentations you've given?
  3. What topics do you get asked about most?
  4. Any compliance guides or checklists you've created?
  5. Comfort level with video content?
  6. Any podcast or webinar experience?

Minimum Viable Content Stack

02-content-library/
├── thought-leadership/
│   └── [first-blog-post].md         ← One cornerstone piece
├── case-studies/
│   └── case-study-template.md       ← Template for future
└── one-pagers/
    └── [primary-service]-one-pager.md

10. Onboarding (08-onboarding)

Minimum Viable Onboarding Stack

08-onboarding/
├── client-onboarding/
│   ├── onboarding-checklist.md
│   ├── welcome-email-template.md
│   └── access-request-template.md
└── internal/
    └── new-engagement-setup.md

Phase 3: Scale Preparation (Months 3-6)

Future Priorities (Not Now)

Directory When Why Wait
03-campaigns Month 3+ Need content first
06-competitive-intel Month 2+ Refine as you lose/win deals
10-knowledge-base Month 3+ Build from delivery experience
12-cimp Month 4+ Platform integration after manual works
13-analytics Month 3+ Need data to analyze first

Implementation Roadmap

┌─────────────────────────────────────────────────────────────────┐
│ Day 1-2: Answer legal discovery questions                       │
│ Day 3-4: Draft MSA, NDA, primary SOW template                  │
│ Day 5:   Legal review scheduled/initiated                       │
│ Day 5:   Pricing structure documented                          │
└─────────────────────────────────────────────────────────────────┘

Week 2: Delivery Foundation

┌─────────────────────────────────────────────────────────────────┐
│ Day 1-2: Answer delivery discovery questions                    │
│ Day 3-4: Create primary service SOP (vCISO or assessment)      │
│ Day 5:   Create engagement kickoff and closeout SOPs           │
│ Day 5:   Deliverable templates created                         │
└─────────────────────────────────────────────────────────────────┘

Week 3: Sales Foundation

┌─────────────────────────────────────────────────────────────────┐
│ Day 1:   CRM/tracking system selected and configured           │
│ Day 2:   Qualification criteria documented                      │
│ Day 3:   Discovery questions by persona created                │
│ Day 4:   Proposal template created                             │
│ Day 5:   Follow-up email sequences drafted                     │
└─────────────────────────────────────────────────────────────────┘

Week 4: Prospecting Launch

┌─────────────────────────────────────────────────────────────────┐
│ Day 1-2: Primary persona profile completed                      │
│ Day 3:   50 target accounts identified                         │
│ Day 4:   Outreach sequences created                            │
│ Day 5:   First outreach batch sent                             │
└─────────────────────────────────────────────────────────────────┘

Success Metrics

Phase 0 Complete When:

  • MSA template reviewed by attorney
  • At least one SOW template ready
  • NDA template ready
  • Pricing documented and confident
  • Primary service SOP written
  • Can articulate 30-second pitch consistently

Phase 1 Complete When:

  • CRM/tracking in place
  • Proposal template ready
  • Discovery call questions documented
  • First proposal sent
  • Follow-up sequences active

Phase 2 Complete When:

  • 50+ target accounts in pipeline
  • Active outreach running
  • First piece of content published
  • Sales playbook documented
  • First client onboarded successfully

Quick Reference: Skill Activation

Task Primary Skill Command/Invoke
Contract templates content-library-engine @template-system.md
Pricing strategy strategic-business-planning @financial-modeling.md
Service SOPs strategic-business-planning @operations-digital-twin.md
Persona development strategic-business-planning @market-analysis.md
Qualification framework lead-intelligence @qualification-frameworks.md
Proposal creation content-library-engine @brief-to-draft.md
Outreach sequences campaign-orchestration @email-pipeline.md

Next Steps

  1. Schedule discovery session to answer the questions in this document
  2. Prioritize based on answers — first service determines first SOPs
  3. Create minimum viable documents — done > perfect
  4. Iterate based on real client feedback — first engagement will reveal gaps

Document generated: 2026-01-26 Framework: Strategic Business Planning v2.3.0 Review cycle: Weekly until Phase 1 complete